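/**
 * Create a User record from registration data and, when the row is saved,
 * mark the new account as logged in within the current session.
 *
 * @param array $data registration fields: username, password, mobile, email, card_id
 * @return mixed the result of $user->save() (truthy on success)
 */
private function insert_user($data) {
    $user = new User();
    // Six characters from the framework CSPRNG. The previous
    // substr(uniqid(rand()), -6) was clock/PRNG derived and therefore
    // guessable, which defeats the purpose of a per-user salt.
    $salt = Yii::$app->security->generateRandomString(6);
    $time = time();
    $ip = getRealIp();
    // Legacy credential md5(md5(pw) . salt). Kept only because existing rows and
    // the login path may still read it; password_hash below is the credential
    // that should actually be verified.
    $password = md5(md5($data['password']) . $salt);
    $authkey = Yii::$app->security->generateRandomString();
    $password_reset_token = Yii::$app->security->generateRandomString() . '_' . time();
    $password_hash = Yii::$app->security->generatePasswordHash($data['password']);
    $user->username = $data['username'];
    $user->password = $password;
    $user->auth_key = $authkey;
    $user->password_hash = $password_hash;
    $user->password_reset_token = $password_reset_token;
    $user->mobile = $data['mobile'];
    $user->email = $data['email'];
    $user->card_id = $data['card_id'];
    // Registration and "last login" share the same timestamp/IP on creation.
    $user->reg_date = $time;
    $user->reg_ip = $ip;
    $user->last_login_date = $time;
    $user->last_login_ip = $ip;
    $user->salt = $salt;
    $result = $user->save();
    if ($result) {
        $session = Yii::$app->session;
        if (!$session->isActive) {
            $session->open();
        }
        // NOTE(review): save() in Yii returns a bool, so 'id' is stored as true
        // rather than the new row's id. Check what reads $session['user']['id']
        // before changing this to the model's primary key.
        $session['user'] = ['id' => $result, 'username' => $user->username];
    }
    return $result;
}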
/**
 * Complete the login for a user by incrementing the logins and setting
 * session data.
 *
 * @param object $user user model object
 * @return bool FALSE when $user is not a User instance, TRUE once the
 *              session has been populated
 */
protected function completeLogin($user = NULL) {
    $isUserModel = is_object($user) && $user instanceof User;
    if (!$isUserModel) {
        return FALSE;
    }
    // Record this login: bump the counter and roll the previous address into LastIP.
    $user->Logins++;
    $user->LastIP = $user->IP;
    $user->IP = getRealIp();
    $user->save();
    // New session id once the privilege level changes.
    $this->session->regenerate();
    $sessionUser = new User_Simple();
    $sessionUser->setUser($user->getArrayCopy());
    $this->session->set($this->config['session_key'], $sessionUser);
    return TRUE;
}
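/**
 * Append a hack-attempt record to hacklog.log, or e-mail it to the admin when
 * the log file cannot be opened.
 *
 * @param string $where point of attack as reported by the caller
 * @return void
 */
function writeLog($where) {
    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    if ($host === false) {
        $host = ''; // lookup failed (or $ip is not a valid address); keep the message well-formed
    }
    // None of these values are trusted (the PTR record belongs to the remote
    // side): drop CR/LF so a crafted value cannot forge extra log lines.
    $ip = str_replace(array("\r", "\n"), ' ', (string) $ip);
    $host = str_replace(array("\r", "\n"), ' ', $host);
    $where = str_replace(array("\r", "\n"), ' ', (string) $where);
    $date = date("d M Y");
    // create a logging message with php heredoc syntax
    $logging = <<<LOG
\t\t
\t\t<< Start of Message >>
\t\tThere was a hacking attempt on your form.
\t\tDate of Attack: {$date}
\t\tIP-Adress: {$ip}
\t\tHost of Attacker: {$host}
\t\tPoint of Attack: {$where}
\t\t<< End of Message >>
LOG;
    // Awkward but LOG must be flush left
    // open log file
    if ($handle = fopen('hacklog.log', 'a')) {
        fputs($handle, $logging); // write the Data to file
        fclose($handle); // close the file
    } else {
        // if first method is not working, for example because of wrong file permissions, email the data
        $to = '*****@*****.**';
        $subject = 'HACK ATTEMPT';
        $header = 'From: primerproyecto@gmail.com';
        if (mail($to, $subject, $logging, $header)) {
            echo "Sent notice to admin.";
        }
    }
}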
if (!$database->has("saves", array("AND" => array("user_id" => $user_id, "module_type" => "author", "module_id" => $poet_id)))) { $ins_id = $database->insert("saves", array("user_id" => $user_id, "module_type" => "author", "module_id" => $poet_id, "ip" => getRealIp())); if ($ins_id) { echo 1; } else { echo 0; } } } } //--save favourites poet--// if ($action == "add_fav_user") { $my_id = $_SESSION['user_id']; if ($user_id) { if (!$database->has("saves", array("AND" => array("user_id" => $my_id, "module_type" => "users", "module_id" => $user_id)))) { $ins_id = $database->insert("saves", array("user_id" => $my_id, "module_type" => "users", "module_id" => $user_id, "ip" => getRealIp())); if ($ins_id) { echo 1; } else { echo 0; } } } } //--poem post to facebook--// if ($action == 'post_to_facebook') { $fbid = $_SESSION['fbid']; if ($fbid) { $poem_for_post = $database->get("poems", "*", array("id" => $poem_id)); $_share = array('message' => clean($poem_for_post['poem_title']), 'link' => clean(get_url($database, "poem", $poem_id, $poem_for_post['poem_slug'])), 'name' => clean(site_name), 'description' => clean(strip_tags($poem_for_post['poem']))); $access_token = $facebook->getAccessToken();
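require $rootdir . 'smarty/libs/Smarty.class.php';
$smarty = new Smarty();
$smarty->compile_check = true;
$smarty->debugging = false;
// Template chosen at gateway login; fall back to "default" when the session has none.
// isset() guards avoid undefined-index notices without changing the chosen value.
$curtemplate = isset($_SESSION["gw_template"]) ? $_SESSION["gw_template"] : "";
if (!$curtemplate) {
    $curtemplate = "default";
}
// An overriding template is only honoured when its header template exists.
// NOTE(review): $curtemplate_overwrite is used as a path component; it must
// come from a trusted source (gateway configuration), never from the request.
if (isset($curtemplate_overwrite) && $curtemplate_overwrite) {
    if (file_exists($etel_root_path . "/tmpl/" . $curtemplate_overwrite . "/cp_header.tpl")) {
        $curtemplate = $curtemplate_overwrite;
    } else {
        etelPrint($etel_root_path . "/tmpl/" . $curtemplate_overwrite . "/cp_header.tpl Not Found");
    }
}
$smarty->template_dir = $etel_root_path . "/tmpl/" . $curtemplate . "/";
$smarty->compile_dir = $etel_root_path . "/tmpl/" . $curtemplate . "_c/";
$smarty->config_dir = $etel_root_path . "/tmpl/" . $curtemplate . "/config/";
$tmpl_dir = $etel_domain_path . "/tmpl/" . $curtemplate . "/";
$smarty->assign("rootdir", $etel_domain_path);
$smarty->assign("tempdir", $tmpl_dir);
$smarty->assign("display_stat_wait", isset($display_stat_wait) ? $display_stat_wait : null);
$smarty->assign("gw_phone_support", isset($_SESSION["gw_phone_support"]) ? $_SESSION["gw_phone_support"] : null);
$smarty->assign("gateway_title", ':: ' . (isset($_SESSION["gw_title"]) ? $_SESSION["gw_title"] : '') . ' Payment Gateway :: ');
$smarty->assign("page_title", isset($pageConfig['Title']) ? $pageConfig['Title'] : null);
// empty() is the notice-free equivalent of !$pageConfig['HideHeader'].
if (empty($pageConfig['HideHeader'])) {
    require_once $rootdir . 'includes/links.php';
}
// Proxy use is refused for merchant logins; the detected address is logged with the refusal.
if (isProxy()) {
    dieLog("Proxy Server - " . getRealIp(), "Proxy Server Detected. Please do not use a Proxy Server when accessing your Merchant Login.");
}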
// get the users display name $_SESSION['email'] = $results[4]; // users email address $_SESSION['group'] = $results[5]; // what ecg-group is the user in $_SESSION['auth'] = true; // authorise user to access logged in areas $_SESSION['wrong'] = 0; // reset wrong counter $_SESSION['hack'] = 0; // reset hack atempt count setcookie("game", $game_input, time() + 60 * 60 * 24 * 31, $path); // set the game cookie equal to the game choosen in the login form $_SESSION['finger'] = $ses->getFinger(); // find the hash of user agent plus salt $ip = getRealIp(); // get users current IP $result = $dbl->newUserInfo($ip, $results[0]); // update user to have new time and IP sendHome(); // return to home page exit; // We are done with this page so we can end here } elseif ($_POST['lostpw']) { // if this is a lost password first step submit $page = 'lostpw'; if (verifyFormTokenLogin('lostpw', $tokens) == false) { // verify token ifTokenBad('Lost Password'); } // if bad log and send error
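// Tail of getRealIp(); its start is above this span. Kept as-is: the candidate
// list $ips is scanned and the first address accepted by checkIP() wins.
if ($ip) {
    array_unshift($ips, $ip);
    $ip = FALSE;
}
foreach ($ips as $v) {
    if (checkIP($v)) {
        $ip = $v;
        break;
    }
}
}
if ($ip == false && $_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
    echo 'unknown';
}
return $ip ? $ip : $_SERVER['REMOTE_ADDR'];
}

/**
 * Decide whether a candidate address (typically taken from a forwarded-for
 * header) may be reported as the client's real IP.
 *
 * Returns false for anything that is not a syntactically valid IP literal and
 * for the private/loopback ranges 10/8, 172.16/12, 192.168/16 and 127/8;
 * true otherwise. A value that passes is still only a header claim — nothing
 * here proves the request actually originated from it.
 *
 * @param string $ip candidate address
 * @return bool
 */
function checkIP($ip) {
    // Reject anything that is not an IP literal (e.g. "unknown", or a string
    // crafted to be interpolated into SQL/HTML by callers of getRealIp()).
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    if ('10.' == substr($ip, 0, strlen('10.')) || '192.168.' == substr($ip, 0, strlen('192.168.'))) {
        return false;
    }
    // 172.16.0.0 - 172.31.255.255: compare the second octet. The original called
    // explode() with its arguments swapped and intval()'d the resulting array,
    // so this range was never excluded.
    if ('172.' == substr($ip, 0, strlen('172.'))) {
        $octets = explode('.', $ip);
        $second = isset($octets[1]) ? intval($octets[1]) : -1;
        if ($second >= 16 && $second <= 31) {
            return false;
        }
    }
    // Whole loopback block, not just 127.0.0.1.
    if ('127.' == substr($ip, 0, strlen('127.'))) {
        return false;
    }
    return true;
}
echo getRealIp();
//echo checkIP('11.169.1.1');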
<?php chdir('..'); require_once "includes/function.php"; $etel_debug_mode = 0; $etel_disable_https = 1; $cAffiliateRef = preg_replace("/[^0-9A-Za-z]/", '', $_GET['Af_Ref']); $Merchant_Ref = preg_replace("/[^0-9A-Za-z]/", '', $_GET['Mr_Ref']); require_once "includes/dbconnection.php"; $data = array(); $data['Clicker_Ref'] = $_COOKIE['cClickerRef']; $data['Affiliate_Ref'] = $cAffiliateRef; $data['Merchant_Ref'] = $Merchant_Ref; $data['host_name'] = gethostbyaddr(getRealIp()); $data['ip_address'] = getRealIp(); $data['tc_time'] = time(); $data['this_url'] = $_SERVER['HTTP_REFERER']; //$_SERVER['REQUEST_URI']; $data['refer_url'] = rawurldecode($_GET['URL_Ref']); if (!$data['Affiliate_Ref']) { $url_info = parse_url($data['this_url']); parse_str($url_info['query'], $vars); if ($vars['Af_Ref']) { $data['Affiliate_Ref'] = preg_replace("/[^0-9A-Za-z]/", '', $vars['Af_Ref']); } } etel_record_click($data); if (!$_COOKIE['cClickerRef'] && $data['Clicker_Ref']) { etel_set_cookie("cClickerRef", $data['Clicker_Ref'], time() + 60 * 60 * 24 * 30, '/'); } if ($data['Affiliate_Ref']) {
<?php include "includes/sessioncheck.php"; require_once "includes/dbconnection.php"; include "includes/header.php"; require_once 'includes/function.php'; $agree_contract = isset($HTTP_GET_VARS['agree_contract']) ? Trim($HTTP_GET_VARS['agree_contract']) : "0"; if ($agree_contract) { $cd_contract_ip = getRealIp(); $cd_contract_date = time(); } $sessionlogin = isset($HTTP_SESSION_VARS["sessionlogin"]) ? $HTTP_SESSION_VARS["sessionlogin"] : ""; $completedUploadingDoc = isset($HTTP_GET_VARS['completed']) ? Trim($HTTP_GET_VARS['completed']) : ""; $str_qry = "update cs_companydetails set merchant_contract_agree = '{$agree_contract}',cd_contract_ip='{$cd_contract_ip}',cd_contract_date='{$cd_contract_date}' where userId = '{$sessionlogin}'"; if (!mysql_query($str_qry, $cnn_cs)) { dieLog(mysql_errno() . ": " . mysql_error() . "<BR>"); } $str_completed_uploading = isset($HTTP_GET_VARS['completedUploading']) ? Trim($HTTP_GET_VARS['completedUploading']) : ""; if ($completedUploadingDoc != "") { $str_qry = "update cs_companydetails set completed_uploading = '{$str_completed_uploading}' where userId = {$sessionlogin}"; if (!mysql_query($str_qry, $cnn_cs)) { dieLog(mysql_errno() . ": " . mysql_error() . "<BR>"); } } $str_qry = "select completed_uploading from cs_companydetails where userId = {$sessionlogin}"; if (!($sql_select_val = mysql_query($str_qry, $cnn_cs))) { dieLog(mysql_errno() . ": " . mysql_error() . "<BR>"); } else { $confirm = ""; if (mysql_result($sql_select_val, 0, 0) == "Y") { $confirm = "checked";
/**
 * Authenticate a user against cs_entities for the given gateway, populate
 * $_SESSION with the gateway/user data and redirect according to entity type.
 *
 * @param string      $username
 * @param string      $password
 * @param string      $usertype      not referenced inside this function
 * @param mixed       $gatewayid     etel_gateways.gw_id; interpolated into SQL below
 * @param bool        $reset_session call session_unset() before populating the session
 * @param bool|string $redirect      true = redirect by entity type; a string = explicit
 *                                   path under $etel_domain_path; "None" (admin only)
 *                                   = no redirect
 * @return array|null array('status' => false, 'msg' => ...) when no entity matched;
 *                    the merchant/reseller branches and most admin branches exit()
 *                    after sending a Location header, so no value is returned then
 */
function general_login($username, $password, $usertype, $gatewayid, $reset_session = true, $redirect = true) {
    global $cnn_cs;
    global $etel_domain_path;
    global $etel_debug_mode;
    global $database;
    //mysql_select_db($database["database_main"],$cnn_cs) or dieLog("Unable to connect database");
    // Gateway lookup. NOTE(review): $gatewayid goes into the query without escaping;
    // the codebase has quote_smart() for this.
    $sql = "SELECT * FROM {$database['database_main']}.`etel_gateways` where `gw_id`= '{$gatewayid}'";
    $result = sql_query_read($sql, $cnn_cs) or die(mysql_error() . " {$sql}");
    $gw = mysql_fetch_assoc($result);
    //mysql_select_db($gw["gw_database"],$cnn_cs) or die("Unable to connect database ".$gw["gw_database"]);
    // Credentials are compared case-insensitively; lower-casing the password
    // shrinks its effective keyspace.
    $username = strtolower($username);
    $password = strtolower($password);
    if ($reset_session) {
        session_unset();
    }
    if (!$_SESSION["gw_switch"]) {
        $_SESSION["gw_switch"] = $gatewayid;
    }
    // Gateway configuration cached in the session for the rest of the login.
    $_SESSION["gw_database"] = $gw['gw_database'];
    $_SESSION["gw_id"] = $gw['gw_id'];
    $_SESSION["gw_template"] = $gw['gw_template'];
    $_SESSION["gw_links"] = $gw['gw_links'];
    $_SESSION["gw_folder"] = $gw['gw_folder'];
    $_SESSION["gw_index"] = $gw['gw_index'];
    $_SESSION["gw_title"] = $gw['gw_title'];
    $_SESSION["gw_emails_sales"] = $gw['gw_emails_sales'];
    $_SESSION["gw_user_username"] = $username;
    // NOTE(review): the cleartext (lower-cased) password is kept in the session for
    // the lifetime of the login; anything that can read session storage obtains it.
    $_SESSION["gw_user_password"] = $password;
    $_SESSION["gw_user_hash"] = md5($username . $password);
    // login_redir is a base64-encoded, request-supplied return path. strpos() returning 0
    // (a "?" at offset 0) is treated as "no query string" here.
    $redir_add = "&nr=1";
    if (!strpos(base64_decode($_REQUEST['login_redir']), "?")) {
        $redir_add = "?nr=1";
    }
    // Find Entity
    // The credential comparison values appear redacted ('******') on this copy of the file.
    $sql = "\r\n\tselect \r\n\t\ten.*\r\n\tfrom \r\n\t\tcs_entities as en \r\n\twhere \r\n\t\ten_username='******' \r\n\t\tand en_password='******' \r\n\t";
    // NOTE(review): getRealIp() can return a value taken from a client-supplied
    // forwarded-for header; it is written into the UPDATE below unescaped.
    $ip = getRealIp();
    $result = sql_query_read($sql) or dieLog(mysql_error());
    if ($userInfo = mysql_fetch_assoc($result)) {
        sql_query_write("update cs_entities set en_last_IP = '{$ip}', en_last_login = NOW() where en_ID = '" . $userInfo['en_ID'] . "'") or dieLog(mysql_error());
        toLog('login', $userInfo['en_type'], "Login: U:{$username}, IP:" . getRealIp(), $_SESSION["sessionlogin"]);
        // An entity bound to a different gateway switches the session to it.
        if ($userInfo['en_gateway_ID'] && $userInfo['en_gateway_ID'] != $_SESSION["gw_id"]) {
            $_SESSION["gw_switch"] = $userInfo['en_gateway_ID'];
        }
        switch ($userInfo['en_type']) {
            case "merchant":
                $_SESSION["sessionlogin"] = $userInfo['en_type_ID'];
                $_SESSION["userType"] = "Merchant";
                if (is_string($redirect)) {
                    header("location:" . $etel_domain_path . $redirect);
                } else {
                    // The decoded login_redir is appended to gw_domain without further
                    // validation of the path it contains.
                    if ($_REQUEST['login_redir']) {
                        header("location:" . $_SESSION["gw_domain"] . base64_decode($_REQUEST['login_redir']) . $redir_add);
                    } else {
                        // $show_val is not defined in this function, and both branches
                        // redirect to the same page anyway.
                        if ($show_val['cd_completion'] <= 9) {
                            header("location:" . $etel_domain_path . "/SmartProjection.php");
                        } else {
                            header("location:" . $etel_domain_path . "/SmartProjection.php");
                        }
                    }
                }
                exit;
                break;
            case "reseller":
                $_SESSION["sessionReseller"] = $userInfo['en_type_ID'];
                $_SESSION["userType"] = "Reseller";
                if (is_string($redirect)) {
                    header("location:" . $etel_domain_path . $redirect);
                } else {
                    if ($_REQUEST['login_redir']) {
                        header("location:" . $_SESSION["gw_domain"] . base64_decode($_REQUEST['login_redir']) . $redir_add);
                    } else {
                        header("location:" . $etel_domain_path . "/reseller/blank.php");
                    }
                }
                exit;
                break;
            case "admin":
                $_SESSION["userType"] = "Admin";
                $_SESSION["gw_user_username"] = $username;
                $_SESSION["gw_user_password"] = $password;
                $_SESSION["gw_user_hash"] = md5($username . $password);
                if ($redirect === true) {
                    if ($_REQUEST['login_redir']) {
                        header("location:" . $_SESSION["gw_domain"] . base64_decode($_REQUEST['login_redir']) . $redir_add);
                    } else {
                        // Single-view admins land on the first page they are allowed to see.
                        if ($userInfo['li_level'] == 'singleview' || $userInfo['li_singleview_allow']) {
                            $pages = explode("|", $userInfo['li_singleview_allow']);
                            header("location:" . $etel_domain_path . "/admin/" . $pages[0]);
                        } else {
                            header("location:" . $etel_domain_path . "/admin/blank.php");
                        }
                    }
                    exit;
                } else {
                    // $redirect === "None" falls through to break and returns null.
                    if ($redirect != "None") {
                        header("location:" . $etel_domain_path . $redirect);
                        exit;
                    }
                }
                break;
        }
    } else {
        toLog('login', 'misc', "Login Failed: U:{$username}, IP:" . getRealIp(), $_SESSION["sessionlogin"]);
        return array('status' => false, 'msg' => "Invalid Username/Password.");
    }
}
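// Recurring-billing rows come from the live or the test transaction table.
$trans_table = "`cs_transactiondetails`";
if ($testmode) {
    $trans_table = "`cs_test_transactiondetails`";
}
$sql = "SELECT * FROM {$trans_table} WHERE {$affiliation} AND `td_recur_processed` = 0 and status='A' AND `td_recur_next_date`>=CURDATE()";
$result = mysql_query($sql, $cnn_cs) or dieLog("ERR");
$num = mysql_num_rows($result);
//if($num<1) die("UNF");
$htpasswd = "";
$numPass = 0;
// $tohash accumulates user:password pairs for the change-detection checksum. It
// was never initialised in this span, so the first .= raised a notice; the
// isset() guard keeps any value set earlier in the file (none is visible here).
if (!isset($tohash)) {
    $tohash = "";
}
// Traditional DES crypt() takes a two-character salt from [./0-9A-Za-z]. Calling
// crypt() without a salt relies on an implicit one (notice on PHP 5.6, fatal on
// PHP 8); an explicit salt keeps the .htpasswd line format unchanged.
$saltChars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
while ($accountInfo = mysql_fetch_assoc($result)) {
    // Adding user
    $tohash .= $accountInfo['td_username'] . ":" . $accountInfo['td_password'];
    $username = $accountInfo['td_username'];
    $cryptSalt = $saltChars[mt_rand(0, 63)] . $saltChars[mt_rand(0, 63)];
    $password = crypt($accountInfo['td_password'], $cryptSalt);
    $htpasswd .= $username . ":" . $password . "\n";
    $numPass++;
}
$hash = md5($tohash);
// Unchanged credential set: tell the caller nothing needs regenerating.
if ($hash == $siteInfo['cs_user_checksum'] && !$forceupdate) {
    die("CUR");
}
$testmode_msg = "Live Mode";
if ($testmode) {
    $testmode_msg = "Test Mode";
}
//$showsql = $sql;
// Only referenced by the log line below; unset while the debug line above is commented out.
if (!isset($showsql)) {
    $showsql = "";
}
toLog('login', 'merchant', $siteInfo['cs_URL'] . " Requests .htpasswd Update in {$testmode_msg}: ({$numPass}) SQL={$showsql} AllowAny={$allow_any_site} IP=" . getRealIp(), $cs_company_id);
$result = mysql_query("UPDATE `cs_company_sites` set `cs_user_checksum`= '{$hash}' WHERE `cs_gatewayId` = " . $_SESSION["gw_id"] . " AND `cs_reference_id` = '{$mt_reference_id}'", $cnn_cs) or dieLog("ERR");
//$ht->addLogin();
// The response body is the credential file itself; it must only be returned to
// a requester that passed the affiliation/site checks made before this span.
die($htpasswd);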
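/**
 * Intrusion response: append the request to log.txt, optionally e-mail the
 * admin, then render a block page and stop. Settings come from $dati (dati.php).
 *
 * @return void never returns; ends with die
 */
function found() {
    include 'dati.php';
    $date = gmdate(DATE_RFC822, getRealHour());
    $ip = getRealIp();
    if ($dati['logging'] == 1) {
        $file = fopen('log.txt', 'a+');
        // fopen() returns false when the log is not writable; fwrite()/fclose() on
        // false is a TypeError on PHP 8, so skip logging rather than crash.
        if ($file) {
            fwrite($file, $_SERVER['PHP_SELF'] . " \n " . $_SERVER['REQUEST_URI'] . " \n" . $_SERVER['HTTP_USER_AGENT'] . " \n" . $date . " \n" . $ip . "\n\n\t ________________________________________\n");
            fclose($file);
        }
    }
    if ($dati['alert'] == 1) {
        mail($dati['email_admin'], 'unsyIDS stopped an attack', 'I just stopped an attack on your site If you have turned on the logging system you can read the list of attack stopped Date of attack: ' . $date . ' Query string: ' . $_SERVER['QUERY_STRING'] . ' User Agent: ' . $_SERVER['HTTP_USER_AGENT'] . ' Ip: ' . $ip . ' Thanks for using this software, Have a nice day', 'X-Mailer: unsyIDS \\r\\n Content-type: text; charset=iso-8859-1 \\r\\n, Content-Transfer-Encoding: 8bit\\n\\n');
    }
    if ($dati['alert'] == 1) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="it">
<head>
<title>Buhahahahahaha</title>
<!-- meta tag -->
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en" />
<meta name="Keywords" content="unsigned space" />
<meta name="Owner" content="Luca \'Unsigned\' <*****@*****.**>" />
<meta name="Author" content="Luca \'Unsigned\' <luca@unsigned.it)" />
<meta name="distribution" content="Global" />
<meta name="generator" content="Vim" />
<meta name="cms" content="unsyIDS" />
<meta name="Copyright" content="unsigned.it" />
<style> body{ background-color: #000000; color:#00ff00; text-align:center; } </style>
</head>
<body>
<h1>Lolz you fail</h1>
<?php // $ip may originate from a client-supplied forwarded-for header, so it is escaped like the user agent. ?>
<p>Attack found from <?php echo htmlentities($ip); ?> </p>
<p>Your browser is: <?php echo htmlentities($_SERVER['HTTP_USER_AGENT']); ?> </p>
<p>Powered by unsyIDS</p>
</body>
</html>
<?php
    }
    die;
}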
/**
 * Record a risk-review decision for a merchant website, log it and notify the
 * merchant plus a reseller/representative contact by e-mail template.
 *
 * @param int|string $cs_ID       cs_company_sites.cs_ID (cast with intval())
 * @param string     $cs_verified decision written to cs_company_sites.cs_verified;
 *                                'declined' requires a reason, 'ignored' sends no e-mail
 * @param string     $cs_reason   free-text reason; 3+ characters when declining
 * @return array array('msg' => string, 'status' => bool)
 */
function en_confirm_website($cs_ID, $cs_verified, $cs_reason) {
    global $curUserInfo;
    // Only users holding the risk-review access flag may change a site's status.
    if (!$curUserInfo['en_access'][ACCESS_AUTH_RISK_REVIEW]) {
        return array('msg' => 'Invalid Access', 'status' => false);
    }
    $return = array('msg' => 'Website Failed to Update', 'status' => false);
    if ($cs_verified == 'declined' && strlen($cs_reason) < 3) {
        return array('msg' => 'Website Failed to Update: Invalid Reason', 'status' => false);
    }
    // Escaped for SQL. NOTE(review): $cs_verified is escaped but not checked against the
    // set of known decisions, so any string can end up in cs_verified.
    $cs_ID = intval($cs_ID);
    $cs_verified = quote_smart($cs_verified);
    $cs_reason = quote_smart($cs_reason);
    $sql = "select * from `cs_company_sites` as cs where cs.cs_ID='{$cs_ID}' ";
    $result = sql_query_read($sql) or dieLog(mysql_error() . " {$sql}");
    $siteInfo = mysql_fetch_assoc($result);
    $entityInfo = en_get_general_info($siteInfo['cs_en_ID']);
    $letterTempate = 'merchant_website_approved';
    if ($cs_verified == 'declined') {
        $letterTempate = 'merchant_website_declined';
    }
    $cs_URL = $siteInfo['cs_URL'];
    $emailData["email"] = $entityInfo['en_email'];
    // Guarantee at least one representative so the loop below has something to visit
    // (the address is redacted on this copy of the file).
    if (!sizeof($entityInfo['Affiliates']['Representative'])) {
        $entityInfo['Affiliates']['Representative'][] = array('en_email' => '*****@*****.**', 'en_company' => 'Default Rep');
    }
    // The inner loop body is empty: after the loops $data holds only the LAST
    // Reseller/Representative entry visited (and is undefined if none was), so a
    // single extra recipient is appended below. Presumably the .= was meant to be
    // inside the loop — confirm before changing.
    if ($entityInfo['Affiliates']) {
        foreach ($entityInfo['Affiliates'] as $type => $group) {
            if (in_array($type, array('Reseller', 'Representative'))) {
                foreach ($group as $id => $data) {
                }
            }
        }
    }
    $emailData["email"] .= ', ' . $data['en_email'];
    $emailData["companyname"] = $entityInfo['en_company'];
    $emailData["Reference_ID"] = $entityInfo['en_ref'];
    $emailData["gateway_select"] = $entityInfo['en_gateway_ID'];
    $emailData["Message"] = $cs_reason;
    $emailData["site_URL"] = $siteInfo['cs_URL'];
    $sql = "Update `cs_company_sites` as cs set `cs_verified` = '{$cs_verified}',`cs_reason` = '{$cs_reason}' where `cs_ID` = '{$cs_ID}'";
    $result = sql_query_write($sql) or dieLog(mysql_error());
    // NOTE(review): 'cs_name' is read from the entity record here although it looks
    // like a site column; $siteInfo may have been intended.
    if (mysql_affected_rows()) {
        $return = array('msg' => "Site '" . $entityInfo['cs_name'] . "' Updated Successfully (" . ucfirst($cs_verified) . "). 
Email sent to '" . $emailData["email"] . "'", 'status' => true);
    }
    toLog('misc', 'merchant', "Merchant Site {$cs_URL} has been set " . ucfirst($cs_verified) . " by IP:" . getRealIp(), $_SESSION["sessionlogin"]);
    if ($cs_verified != 'ignored') {
        send_email_template($letterTempate, $emailData);
    }
    return $return;
}
} } } if (!$gateway_db_select) { die("Invalid Access {$gateway_db_select}"); } $gwInfo = $etel_gw_list[$gateway_db_select]; if ($gwInfo) { foreach ($gwInfo as $k => $d) { $_SESSION[$k] = $d; } } $_SESSION["gw_database"] = $gwInfo['gw_database']; $curtemplate_overwrite = $gwInfo['gw_template']; $gw_title_overwrite = $gwInfo['gw_title']; $etel_current_ip = getRealIp(); //if(ip2long($etel_current_ip)==$gwInfo['gw_debug_ip'] && !isset($etel_debug_mode)&& ip2long($etel_current_ip)!='1193664307') $etel_debug_mode = 1; if ($gw_title_overwrite) { $_SESSION["gw_title"] = $gw_title_overwrite; } $database["database"] = $_SESSION["gw_database"]; mysql_select_db($database["database"], $cnn_cs) or die("Unable to connect database: " . $database["database"]); $redirect_home = false; if ($_SESSION["userType"] == "Admin") { unset($_SESSION["gw_switch"]); $sql = "\r\n\t\tselect \r\n\t\t\t*\r\n\t\tfrom \r\n\t\t\tcs_entities as en \r\n\t\twhere \r\n\t\t\ten_username='******' \r\n\t\t\tand en_password='******' \r\n\t\t"; $result = sql_query_read($sql) or dieLog(mysql_errno() . ": " . mysql_error() . "<BR>Cannot execute query {$sql}"); if (mysql_num_rows($result) < 1) { $redirect_home = true; } else { $curUserInfo = mysql_fetch_assoc($result);
$tran_login_type = ""; if ($i_company_id != "") { $sql_trans_type = "Select transaction_type,bank_Creditcard from cs_companydetails where userid={$i_company_id}"; if ($show_trans_show = mysql_query($sql_trans_type)) { if ($show_val = mysql_fetch_array($show_trans_show)) { $tran_login_type = $show_val[0]; $bank_Creditcard = $show_val[1]; } } } if ($tran_login_type == "tele") { $i_to_day = date("d", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year)); $i_to_month = date("m", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year)); $i_to_year = date("Y", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year)); } $domain = getRealIp(); ?> <script language="javascript" src="../scripts/general.js"></script> <script language="javascript" src="../scripts/creditcard.js"></script> <script language="javascript" src="../scripts/formvalid.js"></script> <script> function func_gercurrency(check){ if (check=='set'){ var currency = document.creditcardFrm.cardtype.value; if(currency=='Master') { <?php $str_currency = $mastercurrency; ?> //document.getElementById('txt_amount').firstChild.nodeValue='(<?php echo $str_currency;
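/**
 * Record a possible hack attempt through echLog('hack', ...).
 *
 * @param string $where - where the event happened
 * @return void
 */
function writeLog($where) {
    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    if ($host === false) {
        $host = ''; // lookup failed (or $ip is not a valid address); keep the message well-formed
    }
    // Neither the PTR record nor the candidate IP is trusted: drop CR/LF so a
    // crafted value cannot inject extra lines into the hack log.
    $ip = str_replace(array("\r", "\n"), ' ', (string) $ip);
    $host = str_replace(array("\r", "\n"), ' ', $host);
    $where = str_replace(array("\r", "\n"), ' ', (string) $where);
    // create a logging message with php heredoc syntax
    $logging = <<<LOGMSGG
\tThere was a hacking attempt,.
\tIP-Adress: {$ip}
\tHost of Attacker: {$host}
\tPoint of Attack: {$where}
LOGMSGG;
    // Awkward but LOG must be flush left
    // log the message
    echLog('hack', $logging);
}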
if (is_array($_POST['Ignore_Website'])) { foreach ($_POST['Ignore_Website'] as $cs_ID) { $cs_ID = intval($cs_ID); $cs_reason = $_POST['Reject_Reason_' . $cs_ID]; $sql = "select * from `cs_email_lists` as ec left join `cs_companydetails` as cd on cd.userId=cs.cs_company_id where cs.cs_ID='{$cs_ID}'"; $result = mysql_query($sql) or dieLog(mysql_error()); $companyInfo = mysql_fetch_assoc($result); $cs_URL = $companyInfo['cs_URL']; $sql = "Update `cs_email_lists` set `ec_type` = 'ignored',`cs_reason` = '{$cs_reason}' where `cs_ID` = '{$cs_ID}'"; $result = mysql_query($sql) or dieLog(mysql_error()); if (sizeof($recentIDs) > 9) { array_pop($recentIDs); } $recentIDs[] = $cs_ID; $msg .= "<span class='approved'>{$cs_URL} has been Ignored.</span><BR>\n"; toLog('misc', 'merchant', "Merchant Site {$cs_URL} has been Ignored by IP:" . getRealIp(), $_SESSION["sessionlogin"]); } } } $_SESSION['recentEmailIds'] = $recentIDs; $recentIDsql = ""; if (is_array($recentIDs)) { foreach ($recentIDs as $id) { $recentIDsql .= " or (`el_ID` = '{$id}') "; } } $sql = "SELECT count(ec_email) as cnt\nFROM `cs_email_lists` as ec \nWHERE 1"; $result = mysql_query($sql) or dieLog(mysql_error()); $numEmails = mysql_fetch_assoc($result); $numEmails = $numEmails['cnt']; $sql = "SELECT ec.*,companyname,reseller_companyname,reference_number,cd.userId,rd.reseller_id,td.transactionId\nFROM `cs_email_lists` as ec \nleft join `cs_companydetails` as cd on cd.userId=ec_item_ID AND ec_type='merchant'\nleft join `cs_resellerdetails` as rd on rd.reseller_id=ec_item_ID AND ec_type='reseller'\nleft join `cs_transactiondetails` as td on td.transactionId=ec_item_ID AND ec_type='customer'\nWHERE 1\ngroup by ec_ID\norder by\nec_type DESC,\nec_action DESC\n";
$socialno = isset($HTTP_POST_VARS['securityno']) ? quote_smart($HTTP_POST_VARS['securityno']) : ""; $licensestate = isset($HTTP_POST_VARS['licensestate']) ? quote_smart($HTTP_POST_VARS['licensestate']) : ""; $licenceno = isset($HTTP_POST_VARS['driverlicense']) ? quote_smart($HTTP_POST_VARS['driverlicense']) : ""; $misc = isset($HTTP_POST_VARS['misc']) ? quote_smart($HTTP_POST_VARS['misc']) : ""; $domain1 = isset($HTTP_POST_VARS['domain1']) ? quote_smart($HTTP_POST_VARS['domain1']) : ""; $str_3DS = isset($HTTP_POST_VARS['securepin']) ? quote_smart($HTTP_POST_VARS['securepin']) : ""; $mt_prod_desc = isset($HTTP_POST_VARS['productdescription']) ? quote_smart($HTTP_POST_VARS['productdescription']) : ""; $socialno = isset($HTTP_POST_VARS['securityno']) ? quote_smart($HTTP_POST_VARS['securityno']) : ""; $site_id = isset($HTTP_POST_VARS['selectSite']) ? quote_smart($HTTP_POST_VARS['selectSite']) : ""; $testmode = isset($HTTP_POST_VARS['testmode']) ? quote_smart($HTTP_POST_VARS['testmode']) : ""; if ($testmode) { $testmode = "Test"; } else { $testmode = "Live"; } $ipaddress = getRealIp(); if (!$ipaddress) { $ipaddress = "64.91.254.105"; } $ipaddress = "64.91.254.105"; $dateOfBirth = ""; $validupto = "{$yyyy}/{$mm}"; $i_return_url = 'virtualterminal.php'; if ($companyInfo['block_virtualterminal'] != 0) { $msgdisplay + "Hack Attempt Recorded. You may not process virtualterminal transactions."; message($msgdisplay, $msgdisplay, $msgdisplay); toLog('hackattempt', 'customer', "Customer Attempted to process a virtual terminal transaction in " . basename(__FILE__) . " on Line " . __LINE__ . " {$msgdisplay}", $companyid); exit; } $qrt_select_company = "Select companyname,transaction_type,cc_billingdescriptor,email,send_mail,send_ecommercemail,bank_Creditcard,bank_shopId,bank_Username,bank_Password,sdateofbirth from cs_companydetails where userid='{$companyid}'"; if (!($show_sql_run = mysql_query($qrt_select_company))) {
$return_data['comments'] = $get_comments; echo json_encode($return_data); } //get_comments_information ajax ends //post_comment ajax starts if ($action == 'post_comment') { //pr($_POST); //initialise return data $return_data = array(); //check if user logs in if ($user_id != 0) { //if user is logged in //check if message is received if ($comment) { //message is received $ins = $database->insert("comments", array("comment" => $comment, "user_id" => $user_id, "module_type" => $module_type, "module_id" => $module_id, "ip" => getRealIp())); if ($ins) { $return_data['status'] = "success"; } else { $return_data['status'] = "unable to post comment"; } } else { //message is not received $return_data['status'] = "no message"; } } else { //if user is not logged in $return_data['status'] = "no login"; } echo $return_data['status']; }